Cybersecurity has become a major risk for financial markets and stability according to the Commodity Futures Trading Commission Chairman. Companies and regulators are increasingly emphasizing cybersecurity. Lexis Securities Mosaic allows users to research cybersecurity through guidance from regulators, disclosures in company filings, rulemaking, enforcement actions, news and commentary, and law firm memos.
Who is Spencer McDaniel? And Does He Actually Exist?
Lexis Securities Mosaic - Cybersecurity
1. Cybersecurity
In a series of speeches earlier this year, Commodity Futures Trading Commission Chairman Timothy
Massad repeated the remark that cybersecurity has become “perhaps the single most important
new risk to market integrity and financial stability.” Indeed, with high-profile data breaches seemingly
happening more frequently, cybersecurity has become an area of greater emphasis for companies
and regulators alike.
How can Lexis® Securities Mosaic® help?
Securities Mosaic®
allows you to conduct research or stay current on a specific topic like cybersecurity across a
broad spectrum of materials from a single gateway. Below are some examples.
Guidance
• In April 2014, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced a series of
examinations aimed at identifying cybersecurity risks and assessing cybersecurity preparedness in the securities
industry. Following up on that initiative, OCIE recently issued a Risk Alert providing information on the areas of
focus for the second round of cybersecurity examinations of broker-dealers and investment advisers. These
examinations will involve more testing to assess implementation of firm procedures and controls, and will focus
on governance and risk assessment; access rights and controls; data loss prevention; vendor management;
training; and incident response.
• In Comment Letter review of filings, SEC examiners may ask a company to clarify the technological and
administrative procedures it has in place to ensure privacy and security, or to spell out the risks and potential
costs of a cyber attack or breach.
• In the past two years, not just the SEC but the IRS, Federal Reserve Board, EPA and FDA have offered official
guidance or assessment tools in the area of cybersecurity. Find them on Lexis Securities Mosaic by going to our
Laws, Rules, Agencies page, searching on “cybersecurity,” and narrowing by the “Guidance” category filter.
Disclosure
• Risk Factors. Risks disclosed to prospective and current shareholders via periodic reports and in registrations
of securities offerings are always a barometer of trending topics. Recently, it has become common practice for
companies that maintain access to sensitive or confidential data to disclose risks of potential data breaches or
security concerns.
• Management’s Discussion & Analysis. When cyber attacks—or even the mere threat of such attacks—impact a
company’s bottom line, it will merit discussion in the MD&A section of the annual report.
• Proxy statements. Cybersecurity has become a concern at companies’ annual meetings, as companies seek to
adopt and refine risk mitigation policies and procedures. The issue can even impact the election of directors and
officers, as a candidate’s credentials in the area of cybersecurity may be perceived as increasingly important.
Rulemaking
• Earlier this year, the SEC formalized certain security standards for exchange-listed companies with the adoption
of its final rule 34-73639 on Regulation Systems Compliance and Integrity (“SCI”).
• In August, the National Futures Association submitted to the CFTC a proposed interpretive notice focused on
cybersecurity. If approved by the CFTC, NFA members would be required to adopt written procedures to keep
customer data secure and safeguard access to members’ electronic systems.
Lexis®
Securities Mosaic®